Threat Intelligence Blog

The More Things Change…

Cyber Criminals Don’t Limit Themselves to Just One Area of Fraud

Cyveillance has monitored the activity of rogue online pharmacies for several years. Websites selling Viagra, Levitra, and Soma online without a prescription are everywhere. These websites come and go as the affiliate webmasters who run them move in and out of the business. However, the big players that run the affiliate programs in this dangerous online pharmacy market don’t change very often, and while some new ones continue to appear on the radar, in general the old ones are unfortunately doing well.

Back in July we wrote about one such group and their expansion into new but equally illegal territory. This crew of Russian cyber criminals, who traditionally specialized in illegally sending unapproved and sometimes counterfeit drugs to patients in the United States, announced their plans to offer counterfeit luxury goods. Since writing that piece, we have observed another Russian online pharmacy network announce a similar move into counterfeit luxury goods. They don’t want to miss out on the action.

So it was no surprise when we recently discovered yet another Russian online pharmacy network (which also primarily targets American citizens) moving into new territory. In the screenshot below, you can see a website that their web designer was working on but had not yet finished.

An illegal online pharmacy in the process of becoming a distributor of illegal copies of Microsoft Windows.

You will notice that parts of the page are identical to one of the online pharmacy templates they offer to their affiliate webmasters. Down the left-hand side, it still lists drugs they wish to sell illegally, and the search box at the top of the page reads “search medicine by name”. But the title of the page reads “Discount Software” and the items named in the center of the page all read “Windows 7 Ultimate”.

Note the phone number, which is the same as found on hundreds of illegal online pharmacies currently online.

The stolen logos of Microsoft, Adobe, Verisign, CNet, and Autodesk are likely included to suggest the legitimacy of their software sales.

In the screenshot below of rogue online pharmacy hqdrugs.com, we can see the same phone number (800-998-7978) and the exact same listing of categories going down the left-hand side of the page.

This illegal online pharmacy has the same phone number and product categories as the site shown in the previous screenshots.

So there’s a pretty good chance that the first two screenshots reveal this rogue online pharmacy network directing its attention to illegal software sales. This will not only give them entry into a new market, exposing them to new (and unlucky) customers, but also provide them with new income should scrutiny of the dangerous world of illegal online pharmacies increase.
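The comparison made above (a shared phone number plus an identical category listing) can be automated across crawled pages. The following Python sketch is an added example, not Cyveillance's tooling; the domains, phone numbers, and category names are constructed sample data, and the 0.8 overlap threshold is an assumption.

```python
import re
from html.parser import HTMLParser
from itertools import combinations

# Constructed sample pages (not real sites): domain -> crawled HTML.
NAV = "<ul><li>Pain Relief</li><li>Antibiotics</li><li>Sleep Aids</li></ul>"
PAGES = {
    "pharmacy.example": NAV + "<p>Call 1-800-555-0100</p>",
    "software.example": "<title>Discount Software</title>" + NAV
                        + "<p>Toll free: (800) 555-0100</p>",
    "unrelated.example": "<ul><li>Laptops</li><li>Phones</li></ul><p>800.555.0199</p>",
}

# North American numbers in common notations, captured as three digit groups.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?(\d{3})\)?[\s.-]?(\d{3})[\s.-]?(\d{4})")

class NavItems(HTMLParser):
    """Collect the text of <li> elements as the page's category listing."""
    def __init__(self):
        super().__init__()
        self.in_li, self.items = False, []
    def handle_starttag(self, tag, attrs):
        self.in_li = self.in_li or tag == "li"
    def handle_endtag(self, tag):
        if tag == "li":
            self.in_li = False
    def handle_data(self, data):
        if self.in_li and data.strip():
            self.items.append(data.strip().lower())

def fingerprint(html):
    """Return (normalized phone numbers, category set) for one page."""
    phones = {"".join(groups) for groups in PHONE_RE.findall(html)}
    parser = NavItems()
    parser.feed(html)
    return phones, set(parser.items)

def linked_sites(pages, min_overlap=0.8):
    """Pair sites that share a phone number AND most of their category list."""
    fps = {domain: fingerprint(html) for domain, html in pages.items()}
    links = []
    for a, b in combinations(sorted(fps), 2):
        shared = fps[a][0] & fps[b][0]
        union = fps[a][1] | fps[b][1]
        overlap = len(fps[a][1] & fps[b][1]) / len(union) if union else 0.0
        if shared and overlap >= min_overlap:
            links.append((a, b, sorted(shared), overlap))
    return links

if __name__ == "__main__":
    print(linked_sites(PAGES))
```

Requiring both signals keeps a widely reused call-center number or a common template from linking unrelated sites on its own.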

As always, Cyveillance warns against doing business with such operations. If you’re curious whether the site you stumbled across is legitimate, see if it passes all of the criteria offered by the FDA regarding online pharmacies. Software downloads should only come directly from the original software company.